gydeline

Processing Activity Record

Context: The GDPR requires organisations to maintain a detailed record of their processing activities. This requirement applies to organisations that process data for themselves and on behalf of others. The records created need to be made available to the supervisory authority on their request.

Data Protection Impact Assessment (DPIA)

Context: The data protection impact assessment is the key documentary requirement which arises in the GDPR. It’s purpose is to ensure that risks to the personal information of individuals have been considered and, where risks are identified, mitigated. It is a mandatory requirement in some instances but is advised across all processing of personal information. …

Data Protection Impact Assessment (DPIA) Read More »

Data processing contract

Context: It should be made clear up front that contracts are an area where specific legal advice should be sought. The detail given below gives an insight into the requirement stated within the GDPR. It will also be useful as a starting point to check the status of your current contracts.